From bcbdb2f72f39589ebb4f8c4bddbe009380d9df8d Mon Sep 17 00:00:00 2001
From: Elena Balakhonova <balakhonova@rnd.stcnet.ru>
Date: Sat, 5 Oct 2019 14:11:59 +0300
Subject: [PATCH] Store passwords in file

Other users can see the full command lines of the launched programs
so passwords will be compromised on a multi-user system
---
 gocheese.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/gocheese.go b/gocheese.go
index 0942d3f..8188671 100644
--- a/gocheese.go
+++ b/gocheese.go
@@ -63,7 +63,7 @@ var (
 	norefreshURLPath = flag.String("norefresh", "/norefresh/", "Non-refreshing URL path")
 	refreshURLPath   = flag.String("refresh", "/simple/", "Auto-refreshing URL path")
 	pypiURL          = flag.String("pypi", "https://pypi.org/simple/", "Upstream PyPI URL")
-	auth             = flag.String("auth", "spam:foo", "login:password,...")
+	auth             = flag.String("auth", "passwd", "Path to file with login:passwd")
 	fsck             = flag.Bool("fsck", false, "Check integrity of all packages")
 	version          = flag.Bool("version", false, "Print version information")
 	warranty         = flag.Bool("warranty", false, "Print warranty information")
@@ -425,7 +425,11 @@ func main() {
 		}
 		return
 	}
-	for _, credentials := range strings.Split(*auth, ",") {
+	auth, err := ioutil.ReadFile(*auth)
+	if err != nil {
+		log.Fatal(err)
+	}
+	for _, credentials := range strings.Split(strings.TrimRight(string(auth), "\n"), "\n") {
 		splitted := strings.Split(credentials, ":")
 		if len(splitted) != 2 {
 			log.Fatal("Wrong auth format")
-- 
2.44.0